Name/Expression -expand MemberOf

Tagged: 

This topic contains 4 replies, has 2 voices, and was last updated by Profile photo of Grant Harrington Grant Harrington 4 months, 1 week ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #39074
    Profile photo of Grant Harrington
    Grant Harrington
    Participant

    I've got the following Name/Expression working to list only the CN of each group this user is a member of.

    $WIPMemberOf = @{n="MemberOf";e={($_ | Select -ExpandProperty MemberOf) | Where {$_ -match "CN=(.*?),"} | ForEach{$Matches[1]}}}
    $ADUC_Users | where {$_.samaccountname -like 'GRANT.HARRINGTON'} | Select $WIPMemberOf | fl

    The only remaining issue is the output is still listed in curly braces.

    MemberOf: {Group01,Group02,SomeOtherGroup...}

    I'm not sure where to place -join ',' as I'm hoping to get it output like this:

    MemberOf: Group01,Group02,SomeOtherGroup,LastGroup

    #39076
    Profile photo of Curtis Smith
    Curtis Smith
    Participant

    This is an intriguing way of doing this, but there ya go.

    $WIPMemberOf = @{n="MemberOf";e={(($_ | Select -ExpandProperty MemberOf) | Where {$_ -match "CN=(.*?),"} | ForEach{$Matches[1]}) -join ","}}
    
    #39082
    Profile photo of Grant Harrington
    Grant Harrington
    Participant

    That worked nicely. Thank you.

    My reason for doing it this way is that when I have multiple properties that have a expandable attribute, I can create multiple name/expression variables and view only the "name" (CN).

    Using your response I was able to quickly achieve this:
    MemberOf: Group01,Group02,SomeOtherGroup,LastGroup
    DirectReports: User01, User02, LastUser

    If you have a suggestion for another way to achieve the same, I'd be interested in that.

    Thanks again.

    #39085
    Profile photo of Curtis Smith
    Curtis Smith
    Participant

    Hey Grant,
    What makes your approach interesting is the use of the predefined hash table variable $WIPMemberOf to use to calculate the value in the select-object. I had just never seen that approach before. With that said; however, this approach does end up breaking your information into multiple objects of just name and value as opposed to one object that can use the rest of the powershell cmdlets to control the presentation. Let me give an example of what I mean.

    You can use Select object from your Get-ADUser results to just get the properties you want and create custom properties if needed.

    Get-ADUser -filter {samaccountname -eq 'user1 '} -Properties MemberOf,DirectReports |
    Select-Object SamAccountName,
                  @{Label = 'MemberOf'; Expression = {($_.MemberOf | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","}},
                  @{Label = 'DirectReports'; Expression = {($_.DirectReports | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","}}
    

    Results:

    SamAccountName                               MemberOf                                     DirectReports                              
    --------------                               --------                                     -------------                             
    user1                                        WindowsAdmins,CA Power Users                 export,Power 2. User,Power 1. User
    

    Since this keeps all of the data in a single object, you can use the formats to change how the data is displayed

    Get-ADUser -filter {samaccountname -eq 'user1 '} -Properties MemberOf,DirectReports |
    Select-Object SamAccountName,
                  @{Label = 'MemberOf'; Expression = {($_.MemberOf | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","}},
                  @{Label = 'DirectReports'; Expression = {($_.DirectReports | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","}} |
    Format-List
    

    Results:

    SamAccountName : user1 
    MemberOf       : WindowsAdmins,CA Power Users
    DirectReports  : export,Power 2. User,Power 1. User
    

    You can even export this using the output or export cmdlets like Export-CSV or Export-CliXML

    Get-ADUser -filter {samaccountname -eq 'user1 '} -Properties MemberOf,DirectReports |
    Select-Object SamAccountName,
                  @{Label = 'MemberOf'; Expression = {($_.MemberOf | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","}},
                  @{Label = 'DirectReports'; Expression = {($_.DirectReports | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","}} |
    Export-Csv c:\temp\export.csv
    

    As an additional option, you can also do a custom powershell object rather than using select-object if it make more sense, and gives you the same ability to pipe into other powershell cmdlets for additional processing.

    Get-ADUser -filter {samaccountname -eq 'user1 '} -Properties MemberOf,DirectReports |
    ForEach-Object {
        [pscustomobject]@{
            SamAccountName = $_.samaccountname
            MemberOf = ($_.MemberOf | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","
            DirectReports = ($_.DirectReports | ForEach-Object {([regex]"CN=(.*?),").match($_).Groups[1].Value}) -join ","
        }
    }
    
    #39087
    Profile photo of Grant Harrington
    Grant Harrington
    Participant

    Thank you for that insight. I'm a fan of custom objects for my projects whenever they make logical sense to use them, and may go that route.

    Biggest reason for the Select $somevariable, is so I can group attributes based on the GUI interface for record keeping

    $General = select attributes that are on the General tab of ADUC
    $Address = select attributes that are on the Address tab of ADUC
    etc....

    Thank you for the other options provided (and solving the original question I had), it gives me some flexibility in my scripts.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.